Ethereal-users: Re: [Ethereal-users] WinDump Output

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 16 Sep 2003 10:34:56 -0700
On Tue, Sep 16, 2003 at 12:27:42PM -0500, Munshi, Shahid K. (Manpower Contract) wrote:
> It says:
> 1410 packets received by filter

Which probably means that the WinPcap driver saw 1410 packets.  If they
weren't UDP packets, it would have filtered them out when capturing with
"udp" as a capture filter, so they wouldn't be printed.

> But, if I type the command:
> 
> windump -ne -s100
> 
> This is without any protocol filter.
> 
> It prints out in output windows a different number of packets than it
> reports after pressing CTRL + C.

What are the two numbers?

Note that the number printed as "received by filter", if it comes from
the WinPcap driver (as I think it does), can include packets that have
not yet been read by WinDump - and, as you've terminated WinDump by
typing control-C, those packets never will be read by WinDump.